No, You’re Not Fired – But Beware Of Job Termination Scams

Scams

Some employment scams return an unexpected move arsenic cybercriminals displacement from “hiring” to “firing” staff

18 Feb 2025  •  , 5 min. read

Most of america are successful a occupation aliases looking for one. Or both. That’s mostly why employment and work-from-home scams are truthful celebrated among cybercriminals (and moreover immoderate state-aligned threat actors). The schemes typically lure nan personification by offering astonishing occupation aliases casual employment opportunities. But successful reality, each nan scammers usually want is your individual and financial information. In immoderate cases, victims whitethorn moreover extremity up unwittingly receiving and re-shipping stolen goods, aliases allowing their slope accounts to beryllium used for money laundering.

However, less-well known is nan employment termination scam. This turns nan thought connected its head: utilizing nan threat of losing your occupation alternatively than nan lure of gaining a caller 1 to drawback your attention. So what do they look for illustration and really tin you enactment safe?

What do occupation termination scams look like?

At their simplest, occupation termination scams are a type of phishing onslaught designed to instrumentality you into handing complete your individual and financial information, aliases connected clicking connected a malicious nexus which could trigger a malware download. Social engineering strategies utilized successful phishing purpose to create a consciousness of urgency successful nan victim, truthful that they enactment without reasoning things done first. And you can’t get much urgent than a announcement informing you that you person been dismissed.

It could get successful nan shape of an email from HR, aliases an charismatic third-party extracurricular nan company. It whitethorn show you that your services are nary longer required. Or it whitethorn declare to include specifications astir your colleagues that are excessively difficult to defy reading. The extremity end is to seduce you to click connected a malicious nexus aliases unfastened an attachment, possibly by claiming that it includes specifications of severance payments and termination dates.

Once you click through/open nan attachment, you mightiness find that:

• It triggers a covert malware install
• It requests you participate logins successful a fake phishing page

With your activity logins, adversaries could hijack your email aliases different accounts to entree delicate firm information and networks for theft and extortion. And if you reuse those logins crossed aggregate accounts, they whitethorn moreover beryllium capable to tally credential stuffing campaigns to unlock those accounts, too.

Why do they activity truthful well?

Termination scams are effective because they exploit nan credulity of quality beings, creating a consciousness of dread among nan victim, and instilling an urgent request for action. You’d beryllium difficult pressed to find an worker that didn’t want to cognize much astir their ain termination, aliases perchance contrived specifications of expected misconduct.

It’s nary coincidence that phishing remains a top-three first entree tactic for ransomware actors and has contributed to a quarter (25%) of financially motivated cyber-incidents complete nan past 2 years.

In nan wild

Several versions of this scam person been observed circulating successful nan wild. These include:

• An email impersonating nan UK’s Courts & Tribunals Service, purporting to incorporate a nexus to an employment termination document. Clicking done loads a spoofed website pinch nan Microsoft logo designed to seduce nan unfortunate into opening it connected a Windows device. It triggers a download of nan Casbaneiro (aka Metamorfo) banking trojan.
• An email purporting to come from nan victim’s HR department, which claims to incorporate a unit termination database and specifications connected caller positions, arsenic an attachment. Opening nan clone PDF triggers a clone DocuSign login shape requesting nan unfortunate enters their email reside and password to entree it.

How to spot a occupation termination scam

As pinch immoderate phishing attack, location are a fewer informing signs which should flash reddish if specified an email ends up successful your inbox. Take a heavy activity and look retired for giveaways specified as:

• An different sender reside that doesn’t lucifer nan stated sender. Hover your rodent complete nan “from” reside to spot what pops up. It whitethorn beryllium thing wholly different, aliases it could beryllium an effort to mimic nan impersonated company’s domain, utilizing typos and different characters (e.g., m1crosoft.com, @microsfot.com)
• A generic greeting (e.g., “dear employee/user”), which is surely not nan reside a morganatic termination missive would take.
• Links embedded successful nan email aliases attachments to open. These are often a tell-tale motion of a phishing attempt. If you hover complete nan nexus and it doesn’t look right, each nan much logic not to click.
• Links aliases attachments that don’t unfastened immediately, but petition you to participate logins. Never do truthful successful consequence to an unsolicited message.
• Urgent language. Phishing messages will ever effort to unreserved you into making a rash decision.
• Misspellings, grammatical aliases different mistakes successful nan letter. These are becoming rarer arsenic cybercriminals adopt generative AI tools to constitute their phishing emails, but they’re still worthy looking retired for.
• Going forward, beryllium connected your defender for AI-aided schemes wherever scammers could usage deepfake audio and video likenesses of existent group (that of your boss, perhaps) to instrumentality you into giving up confidential firm information.

Staying safe

To guarantee you don’t get caught retired by occupation termination scams, understand nan informing signs listed above. And besides see nan following:

• Use strong, unsocial passwords for each account, ideally stored successful a password manager
• Be judge to move connected two-factor authentication (2FA) for an other furniture of entree security
• Make judge each of your activity and individual devices are regularly patched and up to date
• If your IT section offers, subordinate regular phishing simulation exercises to understand what to look retired for
• If you receive a fishy message, ne'er click connected embedded links aliases unfastened nan attachment
• Contact nan sender done different channels if you’re concerned – but not by replying to nan email aliases utilizing nan interaction specifications listed connected it
• Report immoderate fishy emails to your employer’s IT department
• Check whether colleagues person received nan aforesaid message

Employment termination scams person been around for immoderate time. But if they’re still doing nan rounds, they must still beryllium working. Always beryllium sceptical of thing hitting your inbox.